Meterpreter Reverse shell over TOR network using hidden services

Overview

Poiana

Reverse shell over TOR network using hidden services

Features

-> Create a hidden service

-> Generate non-staged payload (python/meterpreter_reverse_http)

-> Convert url using Tor2Web: a final extension .ws will be added, so url becomes available outside tor network

-> Generate batch .rc file for msfconsole

Usage

$ git clone https://github.com/CalfCrusher/Poiana/

$ cd Poiana && pip3 install -r requirements.txt

$ python3 poiana.py

NOTE: You need to edit your torrc file and insert: ControlPort 9151

I didn't want to insert this automatic 'feature' in my tool because of course you need to be root to edit torrc. In this way this script can run just as normal user. Remember do NOT run/trust scripts from others, discover some backdoor in fancy scripts is not rare unfortunately! Take care of source code, always :)

Be careful if the script fails to deleting hidden_service_data for some reasons. Script won't start correctly if this dir is already present before running tool. I'm trying to fix this behaviour, also because i want to add the (optional) feature to have persistence onion url and maybe the option to make an ephemeral hidden service (a hidden service without touching disk)

Why this project?

Reverse Shell on hidden services through Tor are sexy

One of the weaknesses of the attackers when they're exfiltrating compromised information is that they expose part of their technological infrastructure during the process. In this sense, the Tor network offers the possibility of making services in a machine accessible as hidden services, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed. Using Tor2Web, victim doesn't need to have tor or ncat. So, using Tor2Web our victim can establish a connection to our hidden service. To me it's really an interesting way to pop a reverse shell quite anonymously.

Tor2Web

Tor2web https://www.tor2web.org - is a software project to allow Tor hidden services to be accessed from a standard browser without being connected to the Tor network. You can find a list of Tor2Web volunteers: https://www.reddit.com/r/onions/comments/bx19c6/list_of_tor2web_gateways/

Disclaimer

Onion network is NOT 100% bulletproof: https://www.wired.com/2014/12/fbi-metasploit-tor. I made this tool just for educational use only. I'm not responsible for the consequences of illegal use. Please understands also that there is no warranty for this free software. Please note also that using Tor2Web is NOT secure from victim's point of view: the point of Tor is that users can connect without being eavesdropped on, and going through the clearnet (Tor2Web), even with https, seriously cripples the efforts made to protect users!

Owner
calfcrusher
Security Researcher
calfcrusher
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Syam 12 Nov 22, 2022
Log4j minecraft with python

log4jminecraft This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purpose

David Bombal 154 Dec 24, 2022
带回显版本的漏洞利用脚本

CVE-2021-21978 带回显版本的漏洞利用脚本,更简单的方式 0. 漏洞信息 VMware View Planner Web管理界面存在一个上传日志功能文件的入口,没有进行认证且写入的日志文件路径用户可控,通过覆盖上传日志功能文件log_upload_wsgi.py,即可实现RCE 漏洞代码

3ky7in4 24 Nov 09, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

42 Aug 09, 2022
MD5-CRACKER - A gmail brute force app created with python3

MD5-CRACKER So this is my first app i created with python3 . if you guys downloa

2 Nov 10, 2022
Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022
A python script to bypass 403-forbidden.

4nought3 A python script to bypass 403-forbidden. It covers methods like Host-Header Injections, Changing HTTP Requests Methods and URL-Injections. Us

11 Aug 27, 2022
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly

136 Dec 13, 2022
Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

1 Dec 20, 2021
CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞 creat

antx 365 Nov 30, 2022
OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

Marco Simioni 13 Jul 13, 2022
CloudFlare reconnaissance, tries to uncover the IP behind CF.

CloudFlare reconnaissance, tries to uncover the IP behind CF.

Neospace 8 Dec 03, 2021
Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

Addi 1 Jan 13, 2022
QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

Isacco Gobbi 1 Feb 14, 2022
Privacy-respecting metasearch engine

Privacy-respecting, hackable metasearch engine / pronunciation səːks. If you are looking for running instances, ready to use, then visit searx.space.

Searx engine 12.4k Jan 08, 2023
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

Николай Борщёв 2 Oct 05, 2022
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

idna 352 Jan 02, 2023